
What do all these names, some of which belong to popular singers,
have in common? They're commands used by a new state-sponsored
computer-espionage tool discovered by Russian anti-virus firm
Kaspersky Lab.

The espionage tool, dubbed "John" by its creators but "miniFlame"
or "SPE" by Kaspersky researchers, appears to have come from the
same malware factory that created Stuxnet, Duqu, Flame and Gauss.

"If Flame and Gauss were massive spy operations, infecting
thousands of users, miniFlame/SPE is a high-precision, surgical
attack tool," wrote an unnamed Kaspersky researcher in
an official blog posting today (Oct. 15).

Your tax dollars at work

Kaspersky's report, while exhaustive, discreetly avoids the
elephant in the room: All the above-named pieces of malware, plus
miniFlame, are probably the work of American intelligence
agencies. All of them primarily target computer systems in the
Middle East, and miniFlame is no exception.

"We believe that the choice of countries depends on the SPE
variant," the Kaspersky blog posting said. "For example, the
modification known as '4.50' is mostly found in Lebanon and
Palestine. The other variants were reported in other countries,
such as Iran, Kuwait and Qatar."

The largest number of infected machines was found in Lebanon.
Significant numbers appeared to be in France and the U.S., but
Kaspersky discounted many of those as the result of proxy
connections bouncing off servers in those countries while masking
the users' true locations.

"MiniFlame is in fact based on the Flame platform but is
implemented as an independent module," said the Kaspersky blog.
"It can operate either independently, without the main modules of
Flame in the system, or as a component controlled by Flame."

A Bunsen burner and a cigarette lighter

Flame is a very large, very sophisticated piece of spyware that
Kaspersky and other research facilities discovered in May, though
it is believed to date back to 2007. (MiniFlame may be a bit
younger, with known versions created over a one-year period
ending in September 2011.)

Flame infects a targeted computer by posing as a Windows security
update — itself a remarkable feat — and then turns the computer
into a massive spying device.

It secretly turns on the microphone and webcam to record audio
and video, takes countless screenshots, maps out the local
network (and infects other machines on it), captures email and
instant messages, logs Web-browsing history and copies files.
Then it sends all the recorded data to a command-and-control
server before erasing itself.

MiniFlame does most of the same things, but with more precision,
going after only certain files instead of harvesting everything.
It also can send collected data to an attached USB drive if the
infected machine is not connected to the Internet, in hopes the
USB drive will eventually be plugged into a machine that is. (The
Stuxnet worm used a similar "sneakernet" method of distribution.)

Last month, an analysis by Kaspersky and the American
anti-virus firm Symantec of two
of Flame's command-and-control servers, which had been seized by
European police, revealed that the servers were coded to receive
input from four existing pieces of malware: Flame and three
others that hadn't yet been found. Kaspersky thinks that
miniFlame is, in fact, one of those three.

Burning money

Most interestingly, Kaspersky found in today's report that
miniFlame can be used with Gauss, a bank-account
information-stealer that was found targeting Lebanese banks
earlier this summer. Until the discovery
of miniFlame, there wasn't anything solidly linking Gauss to the
other pieces of state-sponsored malware.

Kaspersky earlier established that some Flame modules were
used in an early version of Stuxnet, which crippled an
Iranian nuclear-fuel processing facility in 2010. In June,
government sources told the Washington Post that Flame was a
reconnaissance tool used to "prepare the battlefield" for
Stuxnet. Duqu is a
seldom-seen information-stealer that shares much of its code with
Stuxnet.

All of these pieces of malware may be part of "Olympic Games,"
a U.S. cyberintelligence operation directed against
the Iranian nuclear program that the New York Times says was
begun by President George W. Bush and accelerated by President
Barack Obama.

Iran, currently battling crippling international sanctions
imposed upon it for not giving up what appears to be a
nuclear-weapons program, has a lot of money tied up in Lebanese
banks and can be assumed to be using those banks to evade
sanctions.

For American intelligence operatives, miniFlame would serve
double duty, tracking both the Iranian nuclear program and the
money used to fund it.